Iran Appears to Expand War to Cyberspace | NBC News The Iran-linked attack on Stryker is raising important questions about critical infrastructure security. TrustedSec Founder and CEO David Kennedy joins NBC News to discuss the broader implications of these attacks and what organizations and individuals can do to stay protected. Learn more about TrustedSec at https://trustedsec.com/.

Originally from From TrustedSec: Iran Appears to Expand War to Cyberspace | NBC News ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Iran Targets Stryker with Major Cyber Attack | Fox News Channel Iran targeted Stryker, a U.S.-based medical equipment company, in a major cyber attack this week. TrustedSec Founder and CEO David Kennedy joins Fox News Channel to discuss the attacks and what organizations can do to stay ahead of them. Learn more about TrustedSec at https://trustedsec.com/.

Originally from From TrustedSec: Iran Targets Stryker with Major Cyber Attack | Fox News Channel ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

LnkMeMaybe - A Review of CVE-2026-25185 A Windows shortcut (.lnk) seems very simple on the surface. It is a file that points somewhere and tells the system to open or execute a resource. A shortcut is relatively easy to overlook and can be spoofed to look…

Originally from TrustedSec: LnkMeMaybe - A Review of CVE-2026-25185 ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Building a Detection Foundation: Part 3 - PowerShell and Script Logging The Second Most Important Data Source You're Probably Not CapturingIn Part 2, we enabled process creation logging with command lines. That's a big step forward. But here's the thing about PowerShell:…

Originally from TrustedSec: Building a Detection Foundation: Part 3 - PowerShell and Script Logging ( :-{ı▓ #trustedsec #pentesting #cyberresearch

IR Evolve - Security Noise Ep 8.11 How is incident response (IR) changing as threats are advancing? Increasing attack speeds and dropping exfiltration times have responders on high alert. On this episode of Security Noise, we invite TrustedSec's Incident Response Practice Lead Ryan Macfarlane on the podcast to discuss current findings in the digital forensics and IR space and how AI impacts cybersecurity. Ryan also talks about his time as an FBI Cyber agent. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Find more cybersecurity resources on our website at https://trustedsec.com/resources.

Originally from From TrustedSec: IR Evolve - Security Noise Ep 8.11 ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Building a Detection Foundation: Part 2 - Windows Security Events The Audit Policies Nobody ConfiguresIn Part 1, we looked at why relying on a single telemetry source is a recipe for blind spots. Now let's get practical. Windows has a rich set of security auditing capabilities…

Originally from TrustedSec: Building a Detection Foundation: Part 2 - Windows Security Events ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Webinar - CMMC Challenges and Misunderstandings The defense supply chain is struggling with CMMC implementation, and it’s not because the requirements are inherently complex. The problem is misinformation, scope creep, and upstream contractors who don’t understand when CMMC actually applies. During our next webinar, our experts will cover the misunderstandings that are creating the most problems for contractors and subcontractors, from CUI marking confusion to unnecessary Level 2 requirements. In this live session, we will cover: - Understanding what CUI really means and when protection is actually required - Distinguishing between ITAR, classified information, and legitimate CUI - Identifying when CMMC Level 2 certification is truly necessary - Managing upstream contractors who are overreaching with CMMC requirements - Controlling scope creep in your compliance program - Ensuring external service provider compliance without overcomplicating the process Join us for an in-depth session with Director of Advisory Services Chris Camejo and Compliance Practice Lead Lee Quinton that addresses the real challenges you’re facing in your CMMC journey. They’ll dig into the specific issues that are causing delays, increasing costs, and creating compliance headaches across the defense industry. Designed for contractors, subcontractors, and service providers, this webinar will provide practical, actionable guidance to navigate CMMC requirements effectively. Get the clarity your CMMC program needs to succeed. Let’s tackle your CMMC questions together!

Originally from From TrustedSec: Webinar - CMMC Challenges and Misunderstandings ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Obviously, you have to call an AI "Jarvis" #ai #podcast When AI can integrate across projects, systems, and security with a simple text, innovation stops being theoretical — it becomes reality. Watch the full episode "Ten Years: A Decade of Doing This" now! https://youtu.be/zlaWEVnu8Pg

Originally from From TrustedSec: Obviously, you have to call an AI "Jarvis" #ai #podcast ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Discord Livestream - AMA: Incident Response Join us for our next Discord Livestream “AMA: Incident Response” on March 19 at 11:00am ET! Incident Response Practice Lead Ryan Macfarlane will field your questions on what TrustedSec is seeing on IR engagements, common attack vectors, as well as AI threats and how criminal and nation state actors are using it. Ryan is also willing to answer questions about his time as an FBI Cyber agent – questions about aliens will be considered on a case-by-case basis ;) Bring all your incident response questions and connect with our Discord community!

Originally from From TrustedSec: Discord Livestream - AMA: Incident Response ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

AI-Generated Zoom Video Attacks? It's more common than you think. #podcast #security We are getting a lot of requests for AI-generated Zoom video attacks! It's ramping up quick. Watch the full episode on LLM attacks now! https://youtu.be/QA_j4ZUYDAs

Originally from From TrustedSec: AI-Generated Zoom Video Attacks? It's more common than you think. #podcast #security ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Building a Detection Foundation: Part 1 - The Single-Source Problem The Uncomfortable Truth About Your Telemetry Let me start with an observation that might hit close to home. In my years working Incident Response cases and running Tabletop Exercises, I've noticed a pattern that…

Originally from TrustedSec: Building a Detection Foundation: Part 1 - The Single-Source Problem ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Ten Years: A Decade of Doing This - Security Noise Ep. 8.10 It's our 10TH ANNIVERSARY! In this episode of Security Noise, we react to some significant developments in InfoSec, including Microsoft's integration of Sysmon into Windows. We are joined by TrustedSec Founder and CEO David Kennedy to celebrate a decade of our podcast and talk about the early years. As we reminisce, Skyler digs through the archives and pulls up some old clips to see how TrustedSec has evolved in the cybersecurity space over the years. Lastly, but not leastly, we are joined by Senior Security Consultant Kelsey Segrue as she gives her analysis on the U.S. Government's newly-conquered control over TikTok and we discuss the future of social media platforms. Tune in and turn up for this trip down memory lane! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Find more cybersecurity resources on our website at https://trustedsec.com/resources.

Originally from From TrustedSec: Ten Years: A Decade of Doing This - Security Noise Ep. 8.10 ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

"Signal Sniffer" Tracks Pacemaker Signal | NewsNation From genetic genealogy to camera footage, authorities are employing multiple strategies to profile the kidnapper of Nancy Guthrie. TrustedSec Founder and CEO David Kennedy joins NewsNation to discuss his work with law enforcement, specifically leveraging "signal sniffer" technology to extend search ranges and detect the unique electronic signature of Guthrie’s pacemaker. Learn more about TrustedSec at https://trustedsec.com/.

Originally from From TrustedSec: "Signal Sniffer" Tracks Pacemaker Signal | NewsNation ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

"Signal Sniffer" to Aid in Nancy Guthrie Kidnapping | CBS Evening News While authorities await DNA results and review limited doorbell footage, a new technological edge may aid the search for Nancy Guthrie. TrustedSec Founder and CEO David Kennedy joins CBS Evening News to discuss his "signal sniffer" technology. He talks about how the tool could assist in picking up her specific pacemaker signal from hundreds of feet away and locate Guthrie. Learn more about TrustedSec at https://trustedsec.com/.

Originally from From TrustedSec: "Signal Sniffer" to Aid in Nancy Guthrie Kidnapping | CBS Evening News ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Notepad++ Plugins: Plug and Payload Notepad++ has been in the news recently for a breach of infrastructure associated with the Notepad++ updater. This attack may have allowed an adversary to deliver backdoored updates which could allow arbitrary code…

Originally from TrustedSec: Notepad++ Plugins: Plug and Payload ( :-{ı▓ #trustedsec #pentesting #cyberresearch

LLM = Love Language Model?! - Security Noise Ep 8.9 AI seems to be everywhere in 2026. This can be problematic when it goes undetected in our personal interactions, including our romantic lives though dating apps, catfishing, or romance scams. In this special Valentine's Day episode, Geoff and Skyler talk about the rise in spam tactics, the use of AI in catfishing and social engineering, and the "Dead Internet" theory. They tested some of these tactics, armed with a highly-trained LLM (Love Language Model), and made a "phishy" phone call to TrustedSec's Director of Software Security, Scott White. Find out if their social engineering attempt works and watch now!  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Find more cybersecurity resources on our website at https://trustedsec.com/resources.

Originally from From TrustedSec: LLM = Love Language Model?! - Security Noise Ep 8.9 ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

Updated GSA Contractor CUI Protection Requirements CMMC has been getting much of the Controlled Unclassified Information (CUI) attention lately due to the size of the defense industrial base, but General Services Administration (GSA) requirements for protecting CUI are…

Originally from TrustedSec: Updated GSA Contractor CUI Protection Requirements ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Securing Entra ID Administration: Tier 0 Entra ID (formerly Azure AD) is the core service upon which Microsoft 365 applications rely for directory and authentication services. This makes Entra ID security a critical element for any organization that leverages…

Originally from TrustedSec: Securing Entra ID Administration: Tier 0 ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive The Cheat Sheet section is for quick reference.The Learn section is for those who have never touched the topic before.The Implement section is for more detailed descriptions of each Cheat Sheet…

Originally from TrustedSec: Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive ( :-{ı▓ #trustedsec #pentesting #cyberresearch

MCP in Burp Suite: From Enumeration to Targeted Exploitation MCP-ASD Burp extension has been submitted to the BApp Store and is awaiting approval.MCP OVERVIEWMCP (Model Context Protocol) servers are becoming more common thanks to their ease of integration with AI systems such as…

Originally from TrustedSec: MCP in Burp Suite: From Enumeration to Targeted Exploitation ( :-{ı▓ #trustedsec #pentesting #cyberresearch

LDAP Channel Binding and LDAP Signing With Microsoft “enforcing” Lightweight Directory Access Protocol (LDAP) Signing by default in Server 2025, it once again seems like a good time to revisit our old friends LDAP Channel Binding and LDAP Signing. It’s…

Originally from TrustedSec: LDAP Channel Binding and LDAP Signing ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Adventures in Primary Group Behavior, Reporting, and Exploitation If you’ve administered Active Directory (AD) for any significant time, chances are you’ve come across the primaryGroupID attribute. Originally developed as a method for AD to support Portable Operating System Interface…

Originally from TrustedSec: Adventures in Primary Group Behavior, Reporting, and Exploitation ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Colonel Clustered: Finding Outliers in Burp Intruder TL;DR, gimme the goods: https://github.com/hoodoer/ColonelClusteredExtension has been submitted to the Bapp store, awaiting approval.This is a Burp Suite extension I’ve been meaning to write for many years, yet somehow…

Originally from TrustedSec: Colonel Clustered: Finding Outliers in Burp Intruder ( :-{ı▓ #trustedsec #pentesting #cyberresearch

CMMC Scope – Understanding the Sprawl The CMMC program contains complex, and potentially confusing, scope requirements. Contractors that are preparing for a CMMC assessment will need to pay close attention to these requirements to achieve compliance. This…

Originally from TrustedSec: CMMC Scope – Understanding the Sprawl ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Updating the Sysmon Community Guide: Lessons Learned from the Front Lines Over the past few weeks I’ve been spending a significant amount of time updating the Sysmon Community Guide. This wasn’t driven by theory, trends, or what 'should' work on paper. It was driven by what we keep seeing…

Originally from TrustedSec: Updating the Sysmon Community Guide: Lessons Learned from the Front Lines ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Limiting Domain Controller Attack Surface: Why Less Services, Less Software, Less Agents = Less Exposure Before we dive in, let’s get all the TrustedSec Certified Absolutes out of the way:All software presents some level of inherent risk.Only required software that cannot live on other systems should be installed on Domain…

Originally from TrustedSec: Limiting Domain Controller Attack Surface: Why Less Services, Less Software, Less Agents = Less Exposure ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Top 10 Blogs of 2025 Everyone has a year-end list, and this is ours. See what our top-performing cybersecurity blogs were in 2025, there could be some you might have missed!

Originally from TrustedSec: Top 10 Blogs of 2025 ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Holy Shuck! Weaponizing NTLM Hashes as a Wordlist Password reuse is common in Active Directory (AD). From an attacker’s perspective, it is a reliable path to lateral movement or privilege escalation. Most IT teams recognize the risk, but longer passwords and password…

Originally from TrustedSec: Holy Shuck! Weaponizing NTLM Hashes as a Wordlist ( :-{ı▓ #trustedsec #pentesting #cyberresearch

What is a TrustedSec Program Maturity Assessment (PMA)? The TrustedSec PMA is a tactical approach to evaluating the components, efficiency, and overall maturity of an organization’s Information Security program.Unlike a traditional compliance audit, the PMA is designed as a…

Originally from TrustedSec: What is a TrustedSec Program Maturity Assessment (PMA)? ( :-{ı▓ #trustedsec #pentesting #cyberresearch

Helpful Hints for Writing (and Editing) Cybersecurity Reports When it comes to reading (and editing) (and proofreading) technical documents, it's important to remember that the details are key, and can make all the difference. Not all readers of technical documents have technical…

Originally from TrustedSec: Helpful Hints for Writing (and Editing) Cybersecurity Reports ( :-{ı▓ #trustedsec #pentesting #cyberresearch